Month: May 2018

Steve Naidamast kindly sent me his personal review of my Firebird 3 Migration Guide. I’m more than happy to share it here:

The Migration Guide to Firebird 3.0 is an excellently written technical manual that is filled with all the essential information anyone wanting or needing to work with Firebird 3.0 (now 3.0.x) will require.

Though called a migration guide, this well-designed manual provides far more information than simply being relegated to how to move between earlier versions of the Firebird Database Engine and the most recent version of this highly capable database system. As a result, far exceeding the discussion of moving between database systems, this guide provides thorough explanations in detail on the various, unique server types that Firebird offers and how to decide which one is the best option for the requirements at hand, the necessary security configurations for each type of server and how to define users and their associated roles, enhancements to the PSQL language (the SQL variation used by Firebird), discussions on physical access to the server (i.e., wire protocols), connection string enhancements, and last but not least, discussion on the Firebird Embedded Database Engine for desktop application development, which has been upgraded from the current 2.5 version.

Though written from the perspective of the needs of a Database Administrator, this manual should be an addition to any professional’s library who is serious about working with Firebird for the long term.

It is by far one of the superior manuals I have read over the years on the subject of database systems. Such manuals should surely aid in the growth of the Firebird Community so that this database system can take its rightful place among the current standards of use in today’s database application development endeavors…

Here is the description for CVE-2017-11509:
An authenticated remote attacker can execute arbitrary code in Firebird SQL
Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. The
only known solution is to disable external UDF libraries from being loaded. In
order to achieve this, the default configuration has changed to UdfAccess=None.
This will prevent the fbudf module from being loaded, but may also break other
functionality relying on modules.

Though I have extensive database application development experience, I do not consider myself an expert with the Firebird Database Engine to any degree. The following article is completely based upon observations and experiences during my attempts to learn and understand this highly capable engine. As a result, if there are misunderstandings or mistakes I have promoted in my writing, please do not hesitate to send in comments either correcting them or offering alternatives.

Read the new white paper “Authentication in Firebird” from IBPhoenix: Developments introduced in Firebird 3 provide many options for authenticating users attempting to attach to a database. No longer is authentication restricted to a single method: the methods available are determined by the plug-in authentication modules configured in the global and/or database config files.
Also, there are many interesting articles in the Documentation area of the IBPhoenix website.

Since Firebird 3 was released, users have sometimes been confused about the “missing” kits for Firebird embedded. We hope this article will demystify the issue and help developers migrating older embedded applications to Firebird 3 and higher.
Read the new white paper by Helen Borrie, Embedded Server in Firebird 3.